Has Hardware Lock Elision gone forever due to Spectre Mitigation?

by

So, TSX may be disabled not to mitigate Spectre, but as a part of another vulnerability mitigation, TSX Asynchronous Abort (TAA).

Here’s relevant article on Intel website:

Which links to two more detailed articles:

Links contain the following information:

  • Some future or even current CPUs may have hardware mitigation for TAA, detected by IA32_ARCH_CAPABILITIES[TAA_NO]=1.
  • Otherwise if the CPU is susceptible to MDS (IA32_ARCH_CAPABILITIES[MDS_NO]=0), software mitigation for MDS will also mitigate TAA
  • In the case of IA32_ARCH_CAPABILITIES[TAA_NO]=0 and IA32_ARCH_CAPABILITIES[MDS_NO]=1, TAA should be mitigated by one of following:
    • Software mitigation
    • Selectively disabling TSX

Ability for above mentioned selectively disabling TSX arrives with microcode update. After such microcode update, ability to control TSX is controlled by IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1.

Now, about HLE. TAA article says:

Some processors may need to load a microcode update to add support for IA32_TSX_CTRL. The MSR supports disabling the RTM functionality of Intel TSX by setting TSX_CTRL_RTM_DISABLE (bit 0). When this bit is set, all RTM transactions will abort with abort code 0 before any instructions can execute within the transaction, even speculatively. On processors that enumerate IA32_ARCH_CAPABILITIES[TSX_CTRL] (bit 7)=1, HLE prefix hints are always ignored.

The HLE feature is also marked as removed in Intel® 64 and IA-32 Architectures
Software Developer’s Manual:

2.5 INTEL INSTRUCTION SET ARCHITECTURE AND FEATURES REMOVED

Intel® Memory Protection Extensions (Intel® MPX)
MSR_TEST_CTRL, bit 31 (MSR address 33H)
Hardware Lock Elision (HLE)

I believe that I have answers to my questions:

Is this correct that Hardware Lock Elision is disabled for all current CPUs due to Spectre TAA mitigation, and any attempt to have a mutex using HLE intrinsics/instructions would result in usual mutex?

Yes. It is deprecated. Unless Intel undeprecates it.

Is this likely that there will not be anything like HLE mutexes in future to avoid vulnerabilities like Spectre?

No. There is still RTM, which may be not disabled, and it can be used to create mutexes like HLE mutexes. There may also may be future processors not susceptible to TAA, RTM may work for them.

More Related Contents:

  1. What is a retpoline and how does it work?
  2. How does the SQL injection from the “Bobby Tables” XKCD comic work?
  3. Are HTTP cookies port specific?
  4. Salt Generation and open source software
  5. Is “double hashing” a password less secure than just hashing it once?
  6. Authentication versus Authorization
  7. Where to store JWT in browser? How to protect against CSRF?
  8. Floating point vs integer calculations on modern hardware
  9. Remove Server Response Header IIS7
  10. Is it safe to enable CORS to * for a public and readonly webservice?
  11. Lost Cycles on Intel? An inconsistency between rdtsc and CPU_CLK_UNHALTED.REF_TSC
  12. What is the purpose of base 64 encoding and why it used in HTTP Basic Authentication?
  13. Differences Between Rijndael and AES
  14. Convert .pfx to .cer
  15. Preventing Brute Force Logins on Websites
  16. Does HTML5 allow you to interact with local client files from within a browser
  17. Docker and securing passwords
  18. Should I hash the password before sending it to the server side?
  19. Send mail via Gmail with PowerShell V2’s Send-MailMessage
  20. Difference between x86, x32, and x64 architectures?
  21. Disable cross domain web security in Firefox
  22. CSRF protection: do we have to generate a token for every form?
  23. Why flush the pipeline for Memory Order Violation caused by other logical processors?
  24. Is garbage allowed in high bits of parameter and return value registers in x86-64 SysV ABI?
  25. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  26. x86 32 bit opcodes that differ in x86-x64 or entirely removed
  27. Arithmetic identities and EFLAGS
  28. How to send password securely via HTTP using Javascript in absence of HTTPS?
  29. My website got hacked.. What should I do? [closed]
  30. What is the compatible subset of Intel’s and AMD’s x86-64 implementations?

Leave a Comment